1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00

[PM-3561] Clean the return url of any whitespace (#3696)

* clean the return url of any whitespace

* ReplaceWhiteSpace helper

* tests for ReplaceWhiteSpace helper

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
This commit is contained in:
Kyle Spearrin 2024-02-06 13:30:37 -05:00 committed by GitHub
parent 7c4854f75a
commit fc1d7c7059
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 19 additions and 0 deletions

View File

@ -209,6 +209,8 @@ public class AccountController : Controller
returnUrl = "~/";
}
// Clean the returnUrl
returnUrl = CoreHelpers.ReplaceWhiteSpace(returnUrl, string.Empty);
if (!Url.IsLocalUrl(returnUrl) && !_interaction.IsValidReturnUrl(returnUrl))
{
throw new Exception(_i18nService.T("InvalidReturnUrl"));

View File

@ -31,6 +31,7 @@ public static class CoreHelpers
private static readonly DateTime _max = new DateTime(9999, 1, 1, 0, 0, 0, DateTimeKind.Utc);
private static readonly Random _random = new Random();
private static readonly string RealConnectingIp = "X-Connecting-IP";
private static readonly Regex _whiteSpaceRegex = new Regex(@"\s+");
/// <summary>
/// Generate sequential Guid for Sql Server.
@ -868,4 +869,9 @@ public static class CoreHelpers
return null;
}
public static string ReplaceWhiteSpace(string input, string newValue)
{
return _whiteSpaceRegex.Replace(input, newValue);
}
}

View File

@ -438,4 +438,15 @@ public class CoreHelpersTests
{
Assert.Null(CoreHelpers.GetEmailDomain(wrongEmail));
}
[Theory]
[InlineData("hello world")]
[InlineData(" hello world ")]
[InlineData("hello\tworld")]
[InlineData("hello\r\nworld")]
[InlineData("hello\nworld")]
public void ReplaceWhiteSpace_Success(string email)
{
Assert.Equal("helloworld", CoreHelpers.ReplaceWhiteSpace(email, string.Empty));
}
}